diff --git a/config/local.yaml b/config/local.yaml
index 9391a4a6..7685aa3c 100644
--- a/config/local.yaml
+++ b/config/local.yaml
@@ -111,6 +111,9 @@ bee-configs:
 _inherit: ""
 allow-private-cidrs: true
 api-addr: ":1633"
+ autotls-ca-endpoint: "https://pebble:14000/dir" # https://pebble.local.svc.cluster.local:14000/dir
+ autotls-domain: "local.test"
+ autotls-registration-endpoint: http://p2p-forge.local.svc.cluster.local # "http://p2p-forge:8080" # http://p2p-forge.local.svc.cluster.local:8080/v1/_acme-challenge #http://p2p-forge:8080/v1/_acme-challenge
 block-time: 1
 blockchain-rpc-endpoint: "ws://geth-swap:8546"
 bootnode-mode: false
@@ -126,9 +129,12 @@ bee-configs:
 full-node: true
 mainnet: false
 nat-addr: ""
+ nat-wss-addr: ""
 network-id: 0
 p2p-addr: ":1634"
+ p2p-wss-addr: ":1635"
 p2p-ws-enable: false
+ p2p-wss-enable: true
 password: "beekeeper"
 payment-early-percent: 50
 payment-threshold: 13500000
diff --git a/pkg/config/bee.go b/pkg/config/bee.go
index 6d2b5cdd..34366479 100644
--- a/pkg/config/bee.go
+++ b/pkg/config/bee.go
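Review bot: `autotls-registration-endpoint` is an unquoted plaintext `http://` URL followed by three commented-out alternatives, while the CA endpoint on the line above is https; a reader cannot tell which registration URL is intended, and whatever the node sends there (presumably challenge/registration data for the `local.test` name) is unauthenticated in transit. That is tolerable for a local cluster config, but it should be explicit: keep one value, quote it like the neighbouring keys, and say why http is accepted here, e.g. `autotls-registration-endpoint: "http://p2p-forge.local.svc.cluster.local" # local cluster only; use https outside it`. The `pebble` CA on port 14000 is presumably a test ACME server whose chain is not publicly trusted, so a short comment on how the node is told to trust it would help whoever copies this block into a non-local config.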
@@ -16,48 +16,54 @@ type BeeConfig struct {
 // parent to inherit settings from
 *Inherit `yaml:",inline"`
 // Bee configuration
- AllowPrivateCIDRs *bool `yaml:"allow-private-cidrs"`
- APIAddr *string `yaml:"api-addr"`
- BlockchainRPCEndpoint *string `yaml:"blockchain-rpc-endpoint"`
- BlockTime *uint64 `yaml:"block-time"`
- BootnodeMode *bool `yaml:"bootnode-mode"`
- Bootnodes *string `yaml:"bootnodes"`
- CacheCapacity *uint64 `yaml:"cache-capacity"`
- ChequebookEnable *bool `yaml:"chequebook-enable"`
- CORSAllowedOrigins *string `yaml:"cors-allowed-origins"`
- DataDir *string `yaml:"data-dir"`
- DbBlockCacheCapacity *int `yaml:"db-block-cache-capacity"`
- DbDisableSeeksCompaction *bool `yaml:"db-disable-seeks-compaction"`
- DbOpenFilesLimit *int `yaml:"db-open-files-limit"`
- DbWriteBufferSize *int `yaml:"db-write-buffer-size"`
- FullNode *bool `yaml:"full-node"`
- Mainnet *bool `yaml:"mainnet"`
- NATAddr *string `yaml:"nat-addr"`
- NetworkID *uint64 `yaml:"network-id"`
- P2PAddr *string `yaml:"p2p-addr"`
- P2PWSEnable *bool `yaml:"p2p-ws-enable"`
- Password *string `yaml:"password"`
- PaymentEarly *uint64 `yaml:"payment-early-percent"`
- PaymentThreshold *uint64 `yaml:"payment-threshold"`
- PaymentTolerance *uint64 `yaml:"payment-tolerance-percent"`
- PostageContractStartBlock *uint64 `yaml:"postage-stamp-start-block"`
- PostageStampAddress *string `yaml:"postage-stamp-address"`
- PriceOracleAddress *string `yaml:"price-oracle-address"`
- RedistributionAddress *string `yaml:"redistribution-address"`
- ResolverOptions *string `yaml:"resolver-options"`
- StakingAddress *string `yaml:"staking-address"`
- StorageIncentivesEnable *string `yaml:"storage-incentives-enable"`
- SwapEnable *bool `yaml:"swap-enable"`
- SwapEndpoint *string `yaml:"swap-endpoint"` // deprecated: use blockchain-rpc-endpoint
- SwapFactoryAddress *string `yaml:"swap-factory-address"`
- SwapInitialDeposit *uint64 `yaml:"swap-initial-deposit"`
- TracingEnabled *bool `yaml:"tracing-enabled"`
- TracingEndpoint *string `yaml:"tracing-endpoint"`
- TracingServiceName *string `yaml:"tracing-service-name"`
- Verbosity *uint64 `yaml:"verbosity"`
- WarmupTime *time.Duration `yaml:"warmup-time"`
- WelcomeMessage *string `yaml:"welcome-message"`
- WithdrawAddress *string `yaml:"withdrawal-addresses-whitelist"`
+ AllowPrivateCIDRs *bool `yaml:"allow-private-cidrs"`
+ APIAddr *string `yaml:"api-addr"`
+ AutoTLSCAEndpoint *string `yaml:"autotls-ca-endpoint"`
+ AutoTLSDomain *string `yaml:"autotls-domain"`
+ AutoTLSRegistrationEndpoint *string `yaml:"autotls-registration-endpoint"`
+ BlockchainRPCEndpoint *string `yaml:"blockchain-rpc-endpoint"`
+ BlockTime *uint64 `yaml:"block-time"`
+ BootnodeMode *bool `yaml:"bootnode-mode"`
+ Bootnodes *string `yaml:"bootnodes"`
+ CacheCapacity *uint64 `yaml:"cache-capacity"`
+ ChequebookEnable *bool `yaml:"chequebook-enable"`
+ CORSAllowedOrigins *string `yaml:"cors-allowed-origins"`
+ DataDir *string `yaml:"data-dir"`
+ DbBlockCacheCapacity *int `yaml:"db-block-cache-capacity"`
+ DbDisableSeeksCompaction *bool `yaml:"db-disable-seeks-compaction"`
+ DbOpenFilesLimit *int `yaml:"db-open-files-limit"`
+ DbWriteBufferSize *int `yaml:"db-write-buffer-size"`
+ FullNode *bool `yaml:"full-node"`
+ Mainnet *bool `yaml:"mainnet"`
+ NATAddr *string `yaml:"nat-addr"`
+ NATWSSAddr *string `yaml:"nat-wss-addr"`
+ NetworkID *uint64 `yaml:"network-id"`
+ P2PAddr *string `yaml:"p2p-addr"`
+ P2PWSEnable *bool `yaml:"p2p-ws-enable"`
+ P2PWSSAddr *string `yaml:"p2p-wss-addr"`
+ P2PWSSEnable *bool `yaml:"p2p-wss-enable"`
+ Password *string `yaml:"password"`
+ PaymentEarly *uint64 `yaml:"payment-early-percent"`
+ PaymentThreshold *uint64 `yaml:"payment-threshold"`
+ PaymentTolerance *uint64 `yaml:"payment-tolerance-percent"`
+ PostageContractStartBlock *uint64 `yaml:"postage-stamp-start-block"`
+ PostageStampAddress *string `yaml:"postage-stamp-address"`
+ PriceOracleAddress *string `yaml:"price-oracle-address"`
+ RedistributionAddress *string `yaml:"redistribution-address"`
+ ResolverOptions *string `yaml:"resolver-options"`
+ StakingAddress *string `yaml:"staking-address"`
+ StorageIncentivesEnable *string `yaml:"storage-incentives-enable"`
+ SwapEnable *bool `yaml:"swap-enable"`
+ SwapEndpoint *string `yaml:"swap-endpoint"` // deprecated: use blockchain-rpc-endpoint
+ SwapFactoryAddress *string `yaml:"swap-factory-address"`
+ SwapInitialDeposit *uint64 `yaml:"swap-initial-deposit"`
+ TracingEnabled *bool `yaml:"tracing-enabled"`
+ TracingEndpoint *string `yaml:"tracing-endpoint"`
+ TracingServiceName *string `yaml:"tracing-service-name"`
+ Verbosity *uint64 `yaml:"verbosity"`
+ WarmupTime *time.Duration `yaml:"warmup-time"`
+ WelcomeMessage *string `yaml:"welcome-message"`
+ WithdrawAddress *string `yaml:"withdrawal-addresses-whitelist"`
 }
 func (b BeeConfig) GetParentName() string {
diff --git a/pkg/orchestration/k8s/helpers.go b/pkg/orchestration/k8s/helpers.go
index 64ae4350..ae91726d 100644
--- a/pkg/orchestration/k8s/helpers.go
+++ b/pkg/orchestration/k8s/helpers.go
@@ -15,6 +15,9 @@ const (
 configTemplate = `
 allow-private-cidrs: {{ .AllowPrivateCIDRs }}
 api-addr: {{.APIAddr}}
+autotls-ca-endpoint: {{.AutoTLSCAEndpoint}}
+autotls-domain: {{.AutoTLSDomain}}
+autotls-registration-endpoint: {{.AutoTLSRegistrationEndpoint}}
 block-time: {{ .BlockTime }}
 blockchain-rpc-endpoint: {{.BlockchainRPCEndpoint}}
 bootnode-mode: {{.BootnodeMode}}
@@ -30,9 +33,12 @@ db-write-buffer-size: {{.DbWriteBufferSize}}
 full-node: {{.FullNode}}
 mainnet: {{.Mainnet}}
 nat-addr: {{.NATAddr}}
+nat-wss-addr: {{.NATWSSAddr}}
 network-id: {{.NetworkID}}
 p2p-addr: {{.P2PAddr}}
 p2p-ws-enable: {{.P2PWSEnable}}
+p2p-wss-addr: {{.P2PWSSAddr}}
+p2p-wss-enable: {{.P2PWSSEnable}}
 password: {{.Password}}
 payment-early-percent: {{.PaymentEarly}}
 payment-threshold: {{.PaymentThreshold}}
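Review bot: The six new fields in `BeeConfig` carry no comment, and `AutoTLSCAEndpoint` versus `AutoTLSRegistrationEndpoint` is easy to confuse: going by local.yaml the first is an ACME directory URL (`/dir`) and the second a p2p-forge service, which are not the same thing. Suggest trailing comments in the style of the existing `SwapEndpoint` line, e.g. `// ACME directory URL of the issuing CA` on `AutoTLSCAEndpoint`, `// DNS name the ACME certificate is requested for` on `AutoTLSDomain`, and `// endpoint the node registers with to complete the ACME challenge (presumably p2p-forge)` on `AutoTLSRegistrationEndpoint`, with the last hedged until confirmed against bee's autotls docs. `NATWSSAddr` should likewise say it is the externally reachable address of the WSS listener, mirroring `nat-addr`.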
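Review bot: The three new `autotls-*` lines interpolate the value unquoted into YAML, so a URL containing `#` (local.yaml's own value carries a trailing `# ...` comment) is cut at the comment marker, a value containing `: ` splits the scalar, and an empty string renders as YAML null rather than `""` — `text/template` does no escaping, and whether bee's loader treats null as empty is not visible here. Quote the string-valued fields with Go's `%q`, which yields a valid double-quoted YAML scalar for ordinary strings: `autotls-ca-endpoint: {{ printf "%q" .AutoTLSCAEndpoint }}`, and the same for `autotls-domain` and `autotls-registration-endpoint`. The existing string lines share the weakness, but the URL-valued ones added here are where a stray `#` or `:` is most likely. `configTemplate` is a raw-string const that begins before the hunk.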
@@ -81,6 +87,7 @@ type setContainersOptions struct {
 ImagePullPolicy string
 PortAPI int32
 PortP2P int32
+ PortP2PWSS int32
 PersistenceEnabled bool
 ResourcesLimitCPU string
 ResourcesLimitMemory string
@@ -96,18 +103,29 @@ func setContainers(o setContainersOptions) (c containers.Containers) {
 Image: o.Image,
 ImagePullPolicy: o.ImagePullPolicy,
 Command: []string{"bee", "start", "--config=.bee.yaml"},
- Ports: containers.Ports{
- {
- Name: "api",
- ContainerPort: o.PortAPI,
- Protocol: "TCP",
- },
- {
- Name: "p2p",
- ContainerPort: o.PortP2P,
- Protocol: "TCP",
- },
- },
+ Ports: func() containers.Ports {
+ ports := containers.Ports{
+ {
+ Name: "api",
+ ContainerPort: o.PortAPI,
+ Protocol: "TCP",
+ },
+ {
+ Name: "p2p",
+ ContainerPort: o.PortP2P,
+ Protocol: "TCP",
+ },
+ }
+ // Add p2p-wss port if configured
+ if o.PortP2PWSS > 0 {
+ ports = append(ports, containers.Port{
+ Name: "p2p-wss",
+ ContainerPort: o.PortP2PWSS,
+ Protocol: "TCP",
+ })
+ }
+ return ports
+ }(),
 LivenessProbe: containers.Probe{HTTPGet: &containers.HTTPGetProbe{
 InitialDelaySeconds: 5,
 Handler: containers.HTTPGetHandler{
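Review bot: Building `Ports` with an immediately-invoked closure inside the struct literal buries the `o.PortP2PWSS > 0` decision in the middle of a large literal; build the slice before the literal and assign `Ports: ports,`. The `> 0` guard also lets a WSS port equal to `o.PortP2P` or `o.PortAPI` through, which the API server rejects as a duplicate `containerPort` only at apply time, so either an equality check with a clear error or a comment stating that the caller guarantees distinct ports belongs here. `setContainers` begins before the hunk, so this assumes the literal is not built inside a loop.
```go
func setContainers(o setContainersOptions) (c containers.Containers) {
	ports := containers.Ports{
		{Name: "api", ContainerPort: o.PortAPI, Protocol: "TCP"},
		{Name: "p2p", ContainerPort: o.PortP2P, Protocol: "TCP"},
	}
	// Expose the secure WebSocket transport only when a port was configured.
	if o.PortP2PWSS > 0 {
		ports = append(ports, containers.Port{Name: "p2p-wss", ContainerPort: o.PortP2PWSS, Protocol: "TCP"})
	}
	// … unchanged: containers literal up to Command …
			Ports: ports,
	// … unchanged: LivenessProbe and the rest of the literal …
```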
@@ -257,33 +275,23 @@ func setPersistentVolumeClaims(o setPersistentVolumeClaimsOptions) (pvcs pvc.Per
 return pvcs
 }
-type setBeeNodePortOptions struct {
- AppProtocol string
- Name string
- Protocol string
- TargetPort string
- Port int32
- NodePort int32
-}
-func setBeeNodePort(o setBeeNodePortOptions) (ports service.Ports) {
- if o.NodePort > 0 {
- return service.Ports{{
- AppProtocol: "TCP",
- Name: "p2p",
- Protocol: "TCP",
- Port: o.Port,
- TargetPort: "p2p",
- Nodeport: o.NodePort,
- }}
+// createServicePort creates a service port with optional NodePort.
+// If targetPort is empty, it defaults to name.
+func createServicePort(name string, port int32, targetPort string, nodePort int32) service.Port {
+ if targetPort == "" {
+ targetPort = name
 }
- return service.Ports{{
+ p := service.Port{
 AppProtocol: "TCP",
- Name: "p2p",
+ Name: name,
 Protocol: "TCP",
- Port: o.Port,
- TargetPort: "p2p",
- }}
+ Port: port,
+ TargetPort: targetPort,
+ }
+ if nodePort > 0 {
+ p.Nodeport = nodePort
+ }
+ return p
 }
 func parsePort(port string) (int32, error) {
diff --git a/pkg/orchestration/k8s/orchestrator.go b/pkg/orchestration/k8s/orchestrator.go
index 49bfc33f..8edf4314 100644
--- a/pkg/orchestration/k8s/orchestrator.go
+++ b/pkg/orchestration/k8s/orchestrator.go
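Review bot: The `if nodePort > 0` guard in `createServicePort` is a no-op: `Nodeport` is an int32 (the removed code assigned `o.NodePort int32` to it) and its zero value is exactly what the unset case leaves, so `Nodeport: nodePort,` inside the literal is equivalent and one branch shorter. If the branch is meant to document that 0 means "let Kubernetes allocate", say so in the doc comment instead: `// nodePort 0 leaves NodePort unset so Kubernetes allocates one.` The comment should also note that, unlike the removed `setBeeNodePortOptions`, protocol and appProtocol are now fixed to TCP rather than taken from the caller.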
@@ -196,22 +196,42 @@ func (n *nodeOrchestrator) Create(ctx context.Context, o orchestration.CreateOpt
 }
 }
+ var portP2PWSS int32
+ if len(o.Config.P2PWSSAddr) > 0 {
+ portP2PWSS, err = parsePort(o.Config.P2PWSSAddr)
+ if err != nil {
+ return fmt.Errorf("parsing P2P WSS port from config: %w", err)
+ }
+ }
+ var nodePortP2PWSS int32
+ if len(o.Config.NATWSSAddr) > 0 {
+ nodePortP2PWSS, err = parsePort(o.Config.NATWSSAddr)
+ if err != nil {
+ return fmt.Errorf("parsing NAT WSS address from config: %w", err)
+ }
+ }
 p2pSvc := fmt.Sprintf("%s-p2p", o.Name)
+ // Build ports for p2p service
+ p2pPorts := service.Ports{
+ createServicePort("p2p", portP2P, "", nodePortP2P),
+ }
+ // Add p2p-wss port if P2PWSSAddr is configured
+ if portP2PWSS > 0 {
+ p2pPorts = append(p2pPorts, createServicePort("p2p-wss", portP2PWSS, "", nodePortP2PWSS))
+ }
 if _, err := n.k8s.Service.Set(ctx, p2pSvc, o.Namespace, service.Options{
 Annotations: o.Annotations,
 Labels: o.Labels,
 ServiceSpec: service.Spec{
 ExternalTrafficPolicy: "Local",
- Ports: setBeeNodePort(setBeeNodePortOptions{
- AppProtocol: "TCP",
- Name: "p2p",
- Protocol: "TCP",
- TargetPort: "p2p",
- Port: portP2P,
- NodePort: nodePortP2P,
- }),
- Selector: o.Selector,
- Type: "NodePort",
+ Ports: p2pPorts,
+ Selector: o.Selector,
+ Type: "NodePort",
 },
 }); err != nil {
 return fmt.Errorf("set service in namespace %s: %w", o.Namespace, err)
@@ -274,6 +294,7 @@ func (n *nodeOrchestrator) Create(ctx context.Context, o orchestration.CreateOpt
 ImagePullPolicy: o.ImagePullPolicy,
 PortAPI: portAPI,
 PortP2P: portP2P,
+ PortP2PWSS: portP2PWSS,
 PersistenceEnabled: o.PersistenceEnabled,
 ResourcesLimitCPU: o.ResourcesLimitCPU,
 ResourcesLimitMemory: o.ResourcesLimitMemory,
diff --git a/pkg/orchestration/node.go b/pkg/orchestration/node.go
index 30f1f57a..ae06f82f 100644
--- a/pkg/orchestration/node.go
+++ b/pkg/orchestration/node.go
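Review bot: `nodePortP2PWSS` is parsed from `nat-wss-addr` even when `p2p-wss-addr` is empty and is then silently dropped because the `portP2PWSS > 0` branch is skipped, and nothing checks that the WSS port or NodePort differs from the plain p2p one, so a config with `nat-wss-addr` equal to `nat-addr` fails only at the API server with a duplicate-NodePort error. Validate before building `p2pPorts`: `if portP2PWSS > 0 && (portP2PWSS == portP2P || (nodePortP2PWSS > 0 && nodePortP2PWSS == nodePortP2P)) {` / `return fmt.Errorf("p2p-wss port/nodeport must differ from p2p (%s, %s)", o.Config.P2PWSSAddr, o.Config.NATWSSAddr)` / `}`, and return an error (or at least log) when `NATWSSAddr` is set without `P2PWSSAddr`. Publishing the WSS listener through the same NodePort service with `ExternalTrafficPolicy: Local` is clearly the intent, but a one-line comment on `p2pPorts` saying the WSS port becomes reachable from outside the cluster would make that explicit. The enclosing `Create` starts and ends outside the hunk.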
@@ -74,45 +74,51 @@ type CreateOptions struct {
 // Config represents Bee configuration
 type Config struct {
- AllowPrivateCIDRs bool // allow to advertise private CIDRs to the public network
- APIAddr string // HTTP API listen address
- BlockTime uint64 // chain block time
- Bootnodes string // initial nodes to connect to
- BootnodeMode bool // cause the node to always accept incoming connections
- CacheCapacity uint64 // cache capacity in chunks, multiply by 4096 (MaxChunkSize) to get approximate capacity in bytes
- CORSAllowedOrigins string // origins with CORS headers enabled
- DataDir string // data directory
- DbOpenFilesLimit int // number of open files allowed by database
- DbBlockCacheCapacity int // size of block cache of the database in bytes
- DbWriteBufferSize int // size of the database write buffer in bytes
- DbDisableSeeksCompaction bool // disables DB compactions triggered by seeks
- FullNode bool // cause the node to start in full mode
- Mainnet bool // enable mainnet
- NATAddr string // NAT exposed address
- NetworkID uint64 // ID of the Swarm network
- P2PAddr string // P2P listen address
- P2PWSEnable bool // enable P2P WebSocket transport
- Password string // password for decrypting keys
- PaymentEarly uint64 // amount in BZZ below the peers payment threshold when we initiate settlement
- PaymentThreshold uint64 // threshold in BZZ where you expect to get paid from your peers
- PaymentTolerance uint64 // excess debt above payment threshold in BZZ where you disconnect from your peer
- PostageStampAddress string // postage stamp address
- PostageContractStartBlock uint64 // postage stamp address
- PriceOracleAddress string // price Oracle address
- ResolverOptions string // ENS compatible API endpoint for a TLD and with contract address, can be repeated, format [tld:][contract-addr@]url
- ChequebookEnable bool // enable chequebook
- SwapEnable bool // enable swap
- BlockchainRPCEndpoint string // blockchain RPC endpoint
- SwapFactoryAddress string // swap factory address
- RedistributionAddress string // redistribution address
- StakingAddress string // staking address
- StorageIncentivesEnable string // storage incentives enable flag
- SwapInitialDeposit uint64 // initial deposit if deploying a new chequebook
- TracingEnabled bool // enable tracing
- TracingEndpoint string // endpoint to send tracing data
- TracingServiceName string // service name identifier for tracing
- Verbosity uint64 // log verbosity level 0=silent, 1=error, 2=warn, 3=info, 4=debug, 5=trace
- WelcomeMessage string // send a welcome message string during handshakes
- WarmupTime time.Duration // warmup time pull/pushsync protocols
- WithdrawAddress string // allowed addresses for wallet withdrawal
+ AllowPrivateCIDRs bool // allow to advertise private CIDRs to the public network
+ APIAddr string // HTTP API listen address
+ AutoTLSCAEndpoint string // ACME CA endpoint
+ AutoTLSDomain string // domain for ACME
+ AutoTLSRegistrationEndpoint string // ACME registration endpoint
+ BlockchainRPCEndpoint string // blockchain RPC endpoint
+ BlockTime uint64 // chain block time
+ BootnodeMode bool // cause the node to always accept incoming connections
+ Bootnodes string // initial nodes to connect to
+ CacheCapacity uint64 // cache capacity in chunks, multiply by 4096 (MaxChunkSize) to get approximate capacity in bytes
+ ChequebookEnable bool // enable chequebook
+ CORSAllowedOrigins string // origins with CORS headers enabled
+ DataDir string // data directory
+ DbBlockCacheCapacity int // size of block cache of the database in bytes
+ DbDisableSeeksCompaction bool // disables DB compactions triggered by seeks
+ DbOpenFilesLimit int // number of open files allowed by database
+ DbWriteBufferSize int // size of the database write buffer in bytes
+ FullNode bool // cause the node to start in full mode
+ Mainnet bool // enable mainnet
+ NATAddr string // NAT exposed address
+ NATWSSAddr string // NAT exposed secure WebSocket address
+ NetworkID uint64 // ID of the Swarm network
+ P2PAddr string // P2P listen address
+ P2PWSEnable bool // enable P2P WebSocket transport
+ P2PWSSAddr string // P2P Secure WebSocket listen address
+ P2PWSSEnable bool // enable P2P Secure WebSocket transport
+ Password string // password for decrypting keys
+ PaymentEarly uint64 // amount in BZZ below the peers payment threshold when we initiate settlement
+ PaymentThreshold uint64 // threshold in BZZ where you expect to get paid from your peers
+ PaymentTolerance uint64 // excess debt above payment threshold in BZZ where you disconnect from your peer
+ PostageContractStartBlock uint64 // postage stamp address
+ PostageStampAddress string // postage stamp address
+ PriceOracleAddress string // price Oracle address
+ RedistributionAddress string // redistribution address
+ ResolverOptions string // ENS compatible API endpoint for a TLD and with contract address, can be repeated, format [tld:][contract-addr@]url
+ StakingAddress string // staking address
+ StorageIncentivesEnable string // storage incentives enable flag
+ SwapEnable bool // enable swap
+ SwapFactoryAddress string // swap factory address
+ SwapInitialDeposit uint64 // initial deposit if deploying a new chequebook
+ TracingEnabled bool // enable tracing
+ TracingEndpoint string // endpoint to send tracing data
+ TracingServiceName string // service name identifier for tracing
+ Verbosity uint64 // log verbosity level 0=silent, 1=error, 2=warn, 3=info, 4=debug, 5=trace
+ WarmupTime time.Duration // warmup time pull/pushsync protocols
+ WelcomeMessage string // send a welcome message string during handshakes
+ WithdrawAddress string // allowed addresses for wallet withdrawal
 }
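Review bot: The comments on the new `Config` fields do not distinguish the two ACME endpoints: `// ACME CA endpoint` and `// ACME registration endpoint` read as synonyms, while local.yaml points the first at an ACME directory (`/dir` on pebble) and the second at a p2p-forge service. Suggest `// ACME directory URL of the CA that issues the node's TLS certificate` for `AutoTLSCAEndpoint`, `// DNS name the ACME certificate is requested for` for `AutoTLSDomain`, and `// endpoint the node registers with to complete the ACME challenge (p2p-forge in local.yaml; confirm against bee's autotls docs)` for `AutoTLSRegistrationEndpoint`. The re-added `PostageContractStartBlock uint64 // postage stamp address` also keeps a comment copy-pasted from the neighbouring address field; given the yaml key `postage-stamp-start-block`, something like `// block at which the postage stamp contract was deployed` is presumably what was meant — verify before changing.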